git: e3af330927c7 - main - nginx-devel/Makefile: update HTTPv3 patch to the recent commit
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 14 Jan 2022 04:38:55 UTC
The branch main has been updated by osa:
URL: https://cgit.FreeBSD.org/ports/commit/?id=e3af330927c7378919dfa6072aaa30c9c842715c
commit e3af330927c7378919dfa6072aaa30c9c842715c
Author: Sergey A. Osokin <osa@FreeBSD.org>
AuthorDate: 2022-01-14 04:30:33 +0000
Commit: Sergey A. Osokin <osa@FreeBSD.org>
CommitDate: 2022-01-14 04:30:33 +0000
nginx-devel/Makefile: update HTTPv3 patch to the recent commit
The extra-patch-httpv3 contains the README file now, previously a
diff for that file was omitted. To avoid a rejection for the README
file the original file from nginx distribution is going to be preserved.
Bump PORTREVISION.
---
www/nginx-devel/Makefile | 5 +-
www/nginx-devel/files/extra-patch-httpv3 | 1113 +++++++++++++++++++-----------
2 files changed, 704 insertions(+), 414 deletions(-)
diff --git a/www/nginx-devel/Makefile b/www/nginx-devel/Makefile
index f19f856f6603..8ef92331e4f2 100644
--- a/www/nginx-devel/Makefile
+++ b/www/nginx-devel/Makefile
@@ -2,7 +2,7 @@
PORTNAME?= nginx
PORTVERSION= 1.21.5
-PORTREVISION= 8
+PORTREVISION= 9
CATEGORIES= www
MASTER_SITES= https://nginx.org/download/ \
LOCAL/osa
@@ -268,6 +268,9 @@ post-extract-GRIDFS-on:
@${RMDIR} ${WRKSRC_gridfs}/mongo-c-driver/
@${MV} ${WRKSRC_mongo_c} ${WRKSRC_gridfs}/mongo-c-driver
+pre-patch-HTTPV3-on:
+ @${MV} ${WRKSRC}/README ${WRKSRC}/README.1st
+
post-patch:
@${REINPLACE_CMD} 's!%%HTTP_PORT%%!${HTTP_PORT}!; \
s!%%PREFIX%%!${PREFIX}!; \
diff --git a/www/nginx-devel/files/extra-patch-httpv3 b/www/nginx-devel/files/extra-patch-httpv3
index dac679832645..492a7272a828 100644
--- a/www/nginx-devel/files/extra-patch-httpv3
+++ b/www/nginx-devel/files/extra-patch-httpv3
@@ -1,6 +1,272 @@
-diff -r 67408b4a12c0 auto/lib/openssl/conf
---- a/auto/lib/openssl/conf Tue Dec 28 18:28:38 2021 +0300
-+++ b/auto/lib/openssl/conf Tue Jan 04 18:14:15 2022 -0500
+diff --git a/README b/README
+new file mode 100644
+--- /dev/null
++++ b/README
+@@ -0,0 +1,261 @@
++Experimental QUIC support for nginx
++-----------------------------------
++
++1. Introduction
++2. Installing
++3. Configuration
++4. Clients
++5. Troubleshooting
++6. Contributing
++7. Links
++
++1. Introduction
++
++ This is an experimental QUIC [1] / HTTP/3 [2] support for nginx.
++
++ The code is developed in a separate "quic" branch available
++ at https://hg.nginx.org/nginx-quic. Currently it is based
++ on nginx mainline 1.21.x. We merge new nginx releases into
++ this branch regularly.
++
++ The project code base is under the same BSD license as nginx.
++
++ The code is currently at a beta level of quality and should not
++ be used in production.
++
++ We are working on improving HTTP/3 support with the goal of
++ integrating it to the main NGINX codebase. Expect frequent
++ updates of this code and don't rely on it for whatever purpose.
++
++ We'll be grateful for any feedback and code submissions however
++ we don't bear any responsibilities for any issues with this code.
++
++ You can always contact us via nginx-devel mailing list [3].
++
++ What works now:
++
++ Currently we support IETF-QUIC draft-29 through final RFC documents.
++ Earlier drafts are NOT supported as they have incompatible wire format.
++
++ nginx should be able to respond to HTTP/3 requests over QUIC and
++ it should be possible to upload and download big files without errors.
++
++ + The handshake completes successfully
++ + One endpoint can update keys and its peer responds correctly
++ + 0-RTT data is being received and acted on
++ + Connection is established using TLS Resume Ticket
++ + A handshake that includes a Retry packet completes successfully
++ + Stream data is being exchanged and ACK'ed
++ + An H3 transaction succeeded
++ + One or both endpoints insert entries into dynamic table and
++ subsequently reference them from header blocks
++ + Version Negotiation packet is sent to client with unknown version
++ + Lost packets are detected and retransmitted properly
++ + Clients may migrate to new address
++
++ Not (yet) supported features:
++
++ - Explicit Congestion Notification (ECN) as specified in quic-recovery [5]
++ - A connection with the spin bit succeeds and the bit is spinning
++ - Structured Logging
++
++ Since the code is experimental and still under development,
++ a lot of things may not work as expected, for example:
++
++ - Flow control mechanism is basic and intended to avoid CPU hog and make
++ simple interactions possible
++
++ - Not all protocol requirements are strictly followed; some of checks are
++ omitted for the sake of simplicity of initial implementation
++
++2. Installing
++
++ You will need a BoringSSL [4] library that provides QUIC support
++
++ $ hg clone -b quic https://hg.nginx.org/nginx-quic
++ $ cd nginx-quic
++ $ ./auto/configure --with-debug --with-http_v3_module \
++ --with-cc-opt="-I../boringssl/include" \
++ --with-ld-opt="-L../boringssl/build/ssl \
++ -L../boringssl/build/crypto"
++ $ make
++
++ Alternatively, nginx can be configured with QuicTLS [9]
++
++ $ ./auto/configure --with-debug --with-http_v3_module \
++ --with-cc-opt="-I../quictls/build/include" \
++ --with-ld-opt="-L../quictls/build/lib"
++
++ When configuring nginx, you can enable QUIC and HTTP/3 using the
++ following new configuration options:
++
++ --with-http_v3_module - enable QUIC and HTTP/3
++ --with-stream_quic_module - enable QUIC in Stream
++
++3. Configuration
++
++ The HTTP "listen" directive got a new option "http3" which enables
++ HTTP/3 over QUIC on the specified port.
++
++ The Stream "listen" directive got a new option "quic" which enables
++ QUIC as client transport protocol instead of TCP or plain UDP.
++
++ Along with "http3" or "quic", you also have to specify "reuseport"
++ option [6] to make it work properly with multiple workers.
++
++ To enable address validation:
++
++ quic_retry on;
++
++ To enable 0-RTT:
++
++ ssl_early_data on;
++
++ Make sure that TLS 1.3 is configured which is required for QUIC:
++
++ ssl_protocols TLSv1.3;
++
++ To enable GSO (Generic Segmentation Offloading):
++
++ quic_gso on;
++
++ To limit maximum packet size:
++
++ quic_mtu <size>;
++
++ To set host key for various tokens:
++
++ quic_host_key <filename>;
++
++
++ By default this Linux-specific optimization [8] is disabled.
++ Enable if your network interface is configured to support GSO.
++
++ A number of directives were added that configure HTTP/3:
++
++ http3_stream_buffer_size
++ http3_max_concurrent_pushes
++ http3_max_concurrent_streams
++ http3_push
++ http3_push_preload
++ http3_hq (requires NGX_HTTP_V3_HQ macro)
++
++ In http, an additional variable is available: $http3.
++ The value of $http3 is "h3" for HTTP/3 connections,
++ "hq" for hq connections, or an empty string otherwise.
++
++ In stream, an additional variable is available: $quic.
++ The value of $quic is "quic" if QUIC connection is used,
++ or an empty string otherwise.
++
++Example configuration:
++
++ http {
++ log_format quic '$remote_addr - $remote_user [$time_local] '
++ '"$request" $status $body_bytes_sent '
++ '"$http_referer" "$http_user_agent" "$http3"';
++
++ access_log logs/access.log quic;
++
++ server {
++ # for better compatibility it's recommended
++ # to use the same port for quic and https
++ listen 8443 http3 reuseport;
++ listen 8443 ssl;
++
++ ssl_certificate certs/example.com.crt;
++ ssl_certificate_key certs/example.com.key;
++ ssl_protocols TLSv1.3;
++
++ location / {
++ # required for browsers to direct them into quic port
++ add_header Alt-Svc 'h3=":8443"; ma=86400';
++ }
++ }
++ }
++
++4. Clients
++
++ * Browsers
++
++ Known to work: Firefox 80+ and Chrome 85+ (QUIC draft 29+)
++
++ Beware of strange issues: sometimes browser may decide to ignore QUIC
++ Cache clearing/restart might help. Always check access.log and
++ error.log to make sure you are using HTTP/3 and not TCP https.
++
++ + to enable QUIC in Firefox, set the following in 'about:config':
++ network.http.http3.enabled = true
++
++ + to enable QUIC in Chrome, enable it on command line and force it
++ on your site:
++
++ $ ./chrome --enable-quic --quic-version=h3-29 \
++ --origin-to-force-quic-on=example.com:8443
++
++ * Console clients
++
++ Known to work: ngtcp2, firefox's neqo and chromium's console clients:
++
++ $ examples/client 127.0.0.1 8443 https://example.com:8443/index.html
++
++ $ ./neqo-client https://127.0.0.1:8443/
++
++ $ chromium-build/out/my_build/quic_client http://example.com:8443 \
++ --quic_version=h3-29 \
++ --allow_unknown_root_cert \
++ --disable_certificate_verification
++
++
++ If you've got it right, in the access log you should see something like:
++
++ 127.0.0.1 - - [24/Apr/2020:11:27:29 +0300] "GET / HTTP/3" 200 805 "-"
++ "nghttp3/ngtcp2 client" "quic"
++
++
++5. Troubleshooting
++
++ Here are some tips that may help you to identify problems:
++
++ + Ensure you are building with proper SSL library that supports QUIC
++
++ + Ensure you are using the proper SSL library in runtime
++ (`nginx -V` will show you what you are using)
++
++ + Ensure your client is actually sending QUIC requests
++ (see "Clients" section about browsers and cache)
++
++ We recommend to start with simple console client like ngtcp2
++ to ensure you've got server configured properly before trying
++ with real browsers that may be very picky with certificates,
++ for example.
++
++ + Build nginx with debug support [7] and check your debug log.
++ It should contain all details about connection and why it
++ failed. All related messages contain "quic " prefix and can
++ be easily filtered out.
++
++ + If you want to investigate deeper, you may want to enable
++ additional debugging in src/event/quic/ngx_event_quic_connection.h:
++
++ #define NGX_QUIC_DEBUG_PACKETS
++ #define NGX_QUIC_DEBUG_FRAMES
++ #define NGX_QUIC_DEBUG_ALLOC
++ #define NGX_QUIC_DEBUG_CRYPTO
++
++6. Contributing
++
++ If you are willing to contribute, please refer to
++ http://nginx.org/en/docs/contributing_changes.html
++
++7. Links
++
++ [1] https://datatracker.ietf.org/doc/html/rfc9000
++ [2] https://datatracker.ietf.org/doc/html/draft-ietf-quic-http
++ [3] https://mailman.nginx.org/mailman/listinfo/nginx-devel
++ [4] https://boringssl.googlesource.com/boringssl/
++ [5] https://datatracker.ietf.org/doc/html/rfc9002
++ [6] https://nginx.org/en/docs/http/ngx_http_core_module.html#listen
++ [7] https://nginx.org/en/docs/debugging_log.html
++ [8] http://vger.kernel.org/lpc_net2018_talks/willemdebruijn-lpc2018-udpgso-paper-DRAFT-1.pdf
++ [9] https://github.com/quictls/openssl
+diff --git a/auto/lib/openssl/conf b/auto/lib/openssl/conf
+--- a/auto/lib/openssl/conf
++++ b/auto/lib/openssl/conf
@@ -5,12 +5,16 @@
if [ $OPENSSL != NONE ]; then
@@ -21,7 +287,7 @@ diff -r 67408b4a12c0 auto/lib/openssl/conf
CFLAGS="$CFLAGS -DNO_SYS_TYPES_H"
CORE_INCS="$CORE_INCS $OPENSSL/openssl/include"
-@@ -33,9 +37,6 @@
+@@ -33,9 +37,6 @@ if [ $OPENSSL != NONE ]; then
;;
*)
@@ -31,7 +297,7 @@ diff -r 67408b4a12c0 auto/lib/openssl/conf
CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"
CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"
CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"
-@@ -139,4 +140,28 @@
+@@ -139,4 +140,28 @@ END
exit 1
fi
@@ -60,9 +326,9 @@ diff -r 67408b4a12c0 auto/lib/openssl/conf
+ fi
+ fi
fi
-diff -r 67408b4a12c0 auto/make
---- a/auto/make Tue Dec 28 18:28:38 2021 +0300
-+++ b/auto/make Tue Jan 04 18:14:15 2022 -0500
+diff --git a/auto/make b/auto/make
+--- a/auto/make
++++ b/auto/make
@@ -6,9 +6,10 @@
echo "creating $NGX_MAKEFILE"
@@ -76,10 +342,10 @@ diff -r 67408b4a12c0 auto/make
$NGX_OBJS/src/mail \
$NGX_OBJS/src/stream \
$NGX_OBJS/src/misc
-diff -r 67408b4a12c0 auto/modules
---- a/auto/modules Tue Dec 28 18:28:38 2021 +0300
-+++ b/auto/modules Tue Jan 04 18:14:15 2022 -0500
-@@ -102,7 +102,7 @@
+diff --git a/auto/modules b/auto/modules
+--- a/auto/modules
++++ b/auto/modules
+@@ -102,7 +102,7 @@ if [ $HTTP = YES ]; then
fi
@@ -88,7 +354,7 @@ diff -r 67408b4a12c0 auto/modules
HTTP_SRCS="$HTTP_SRCS $HTTP_HUFF_SRCS"
fi
-@@ -124,6 +124,7 @@
+@@ -124,6 +124,7 @@ if [ $HTTP = YES ]; then
# ngx_http_header_filter
# ngx_http_chunked_filter
# ngx_http_v2_filter
@@ -96,7 +362,7 @@ diff -r 67408b4a12c0 auto/modules
# ngx_http_range_header_filter
# ngx_http_gzip_filter
# ngx_http_postpone_filter
-@@ -156,6 +157,7 @@
+@@ -156,6 +157,7 @@ if [ $HTTP = YES ]; then
ngx_http_header_filter_module \
ngx_http_chunked_filter_module \
ngx_http_v2_filter_module \
@@ -104,7 +370,7 @@ diff -r 67408b4a12c0 auto/modules
ngx_http_range_header_filter_module \
ngx_http_gzip_filter_module \
ngx_http_postpone_filter_module \
-@@ -217,6 +219,17 @@
+@@ -217,6 +219,17 @@ if [ $HTTP = YES ]; then
. auto/module
fi
@@ -122,7 +388,7 @@ diff -r 67408b4a12c0 auto/modules
if :; then
ngx_module_name=ngx_http_range_header_filter_module
ngx_module_incs=
-@@ -426,6 +439,33 @@
+@@ -426,6 +439,33 @@ if [ $HTTP = YES ]; then
. auto/module
fi
@@ -156,7 +422,7 @@ diff -r 67408b4a12c0 auto/modules
if :; then
ngx_module_name=ngx_http_static_module
ngx_module_incs=
-@@ -1035,6 +1075,20 @@
+@@ -1035,6 +1075,20 @@ if [ $STREAM != NO ]; then
ngx_module_incs=
@@ -177,7 +443,7 @@ diff -r 67408b4a12c0 auto/modules
if [ $STREAM_SSL = YES ]; then
USE_OPENSSL=YES
have=NGX_STREAM_SSL . auto/have
-@@ -1272,6 +1326,60 @@
+@@ -1272,6 +1326,60 @@ if [ $USE_OPENSSL = YES ]; then
fi
@@ -238,10 +504,10 @@ diff -r 67408b4a12c0 auto/modules
if [ $USE_PCRE = YES ]; then
ngx_module_type=CORE
ngx_module_name=ngx_regex_module
-diff -r 67408b4a12c0 auto/options
---- a/auto/options Tue Dec 28 18:28:38 2021 +0300
-+++ b/auto/options Tue Jan 04 18:14:15 2022 -0500
-@@ -45,6 +45,8 @@
+diff --git a/auto/options b/auto/options
+--- a/auto/options
++++ b/auto/options
+@@ -45,6 +45,8 @@ USE_THREADS=NO
NGX_FILE_AIO=NO
@@ -250,7 +516,7 @@ diff -r 67408b4a12c0 auto/options
HTTP=YES
NGX_HTTP_LOG_PATH=
-@@ -59,6 +61,7 @@
+@@ -59,6 +61,7 @@ HTTP_CHARSET=YES
HTTP_GZIP=YES
HTTP_SSL=NO
HTTP_V2=NO
@@ -258,7 +524,7 @@ diff -r 67408b4a12c0 auto/options
HTTP_SSI=YES
HTTP_REALIP=NO
HTTP_XSLT=NO
-@@ -116,6 +119,7 @@
+@@ -116,6 +119,7 @@ MAIL_SMTP=YES
STREAM=NO
STREAM_SSL=NO
@@ -266,7 +532,7 @@ diff -r 67408b4a12c0 auto/options
STREAM_REALIP=NO
STREAM_LIMIT_CONN=YES
STREAM_ACCESS=YES
-@@ -149,6 +153,7 @@
+@@ -149,6 +153,7 @@ PCRE_JIT=NO
PCRE2=YES
USE_OPENSSL=NO
@@ -274,7 +540,7 @@ diff -r 67408b4a12c0 auto/options
OPENSSL=NONE
USE_ZLIB=NO
-@@ -166,6 +171,8 @@
+@@ -166,6 +171,8 @@ USE_GEOIP=NO
NGX_GOOGLE_PERFTOOLS=NO
NGX_CPP_TEST=NO
@@ -283,7 +549,7 @@ diff -r 67408b4a12c0 auto/options
NGX_LIBATOMIC=NO
NGX_CPU_CACHE_LINE=
-@@ -211,6 +218,8 @@
+@@ -211,6 +218,8 @@ do
--with-file-aio) NGX_FILE_AIO=YES ;;
@@ -292,7 +558,7 @@ diff -r 67408b4a12c0 auto/options
--with-ipv6)
NGX_POST_CONF_MSG="$NGX_POST_CONF_MSG
$0: warning: the \"--with-ipv6\" option is deprecated"
-@@ -228,6 +237,7 @@
+@@ -228,6 +237,7 @@ do
--with-http_ssl_module) HTTP_SSL=YES ;;
--with-http_v2_module) HTTP_V2=YES ;;
@@ -300,7 +566,7 @@ diff -r 67408b4a12c0 auto/options
--with-http_realip_module) HTTP_REALIP=YES ;;
--with-http_addition_module) HTTP_ADDITION=YES ;;
--with-http_xslt_module) HTTP_XSLT=YES ;;
-@@ -314,6 +324,7 @@
+@@ -314,6 +324,7 @@ use the \"--with-mail_ssl_module\" optio
--with-stream) STREAM=YES ;;
--with-stream=dynamic) STREAM=DYNAMIC ;;
--with-stream_ssl_module) STREAM_SSL=YES ;;
@@ -308,7 +574,7 @@ diff -r 67408b4a12c0 auto/options
--with-stream_realip_module) STREAM_REALIP=YES ;;
--with-stream_geoip_module) STREAM_GEOIP=YES ;;
--with-stream_geoip_module=dynamic)
-@@ -443,8 +454,11 @@
+@@ -443,8 +454,11 @@ cat << END
--with-file-aio enable file AIO support
@@ -320,7 +586,7 @@ diff -r 67408b4a12c0 auto/options
--with-http_realip_module enable ngx_http_realip_module
--with-http_addition_module enable ngx_http_addition_module
--with-http_xslt_module enable ngx_http_xslt_module
-@@ -533,6 +547,7 @@
+@@ -533,6 +547,7 @@ cat << END
--with-stream enable TCP/UDP proxy module
--with-stream=dynamic enable dynamic TCP/UDP proxy module
--with-stream_ssl_module enable ngx_stream_ssl_module
@@ -328,10 +594,10 @@ diff -r 67408b4a12c0 auto/options
--with-stream_realip_module enable ngx_stream_realip_module
--with-stream_geoip_module enable ngx_stream_geoip_module
--with-stream_geoip_module=dynamic enable dynamic ngx_stream_geoip_module
-diff -r 67408b4a12c0 auto/os/linux
---- a/auto/os/linux Tue Dec 28 18:28:38 2021 +0300
-+++ b/auto/os/linux Tue Jan 04 18:14:15 2022 -0500
-@@ -233,3 +233,63 @@
+diff --git a/auto/os/linux b/auto/os/linux
+--- a/auto/os/linux
++++ b/auto/os/linux
+@@ -233,3 +233,63 @@ ngx_include="sys/vfs.h"; . auto/incl
CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64"
@@ -395,10 +661,10 @@ diff -r 67408b4a12c0 auto/os/linux
+ int val;
+ getsockopt(0, SOL_UDP, UDP_SEGMENT, &val, &optlen)"
+. auto/feature
-diff -r 67408b4a12c0 auto/sources
---- a/auto/sources Tue Dec 28 18:28:38 2021 +0300
-+++ b/auto/sources Tue Jan 04 18:14:15 2022 -0500
-@@ -83,13 +83,14 @@
+diff --git a/auto/sources b/auto/sources
+--- a/auto/sources
++++ b/auto/sources
+@@ -83,13 +83,14 @@ CORE_SRCS="src/core/nginx.c \
EVENT_MODULES="ngx_events_module ngx_event_core_module"
@@ -415,10 +681,10 @@ diff -r 67408b4a12c0 auto/sources
EVENT_SRCS="src/event/ngx_event.c \
src/event/ngx_event_timer.c \
-diff -r 67408b4a12c0 src/core/nginx.c
---- a/src/core/nginx.c Tue Dec 28 18:28:38 2021 +0300
-+++ b/src/core/nginx.c Tue Jan 04 18:14:15 2022 -0500
-@@ -680,6 +680,9 @@
+diff --git a/src/core/nginx.c b/src/core/nginx.c
+--- a/src/core/nginx.c
++++ b/src/core/nginx.c
+@@ -680,6 +680,9 @@ ngx_exec_new_binary(ngx_cycle_t *cycle,
ls = cycle->listening.elts;
for (i = 0; i < cycle->listening.nelts; i++) {
@@ -428,9 +694,10 @@ diff -r 67408b4a12c0 src/core/nginx.c
p = ngx_sprintf(p, "%ud;", ls[i].fd);
}
-diff -r 67408b4a12c0 src/core/ngx_bpf.c
---- /dev/null Thu Jan 01 00:00:00 1970 +0000
-+++ b/src/core/ngx_bpf.c Tue Jan 04 18:14:15 2022 -0500
+diff --git a/src/core/ngx_bpf.c b/src/core/ngx_bpf.c
+new file mode 100644
+--- /dev/null
++++ b/src/core/ngx_bpf.c
@@ -0,0 +1,143 @@
+
+/*
@@ -575,9 +842,10 @@ diff -r 67408b4a12c0 src/core/ngx_bpf.c
+
+ return ngx_bpf(BPF_MAP_LOOKUP_ELEM, &attr, sizeof(attr));
+}
-diff -r 67408b4a12c0 src/core/ngx_bpf.h
---- /dev/null Thu Jan 01 00:00:00 1970 +0000
-+++ b/src/core/ngx_bpf.h Tue Jan 04 18:14:15 2022 -0500
+diff --git a/src/core/ngx_bpf.h b/src/core/ngx_bpf.h
+new file mode 100644
+--- /dev/null
++++ b/src/core/ngx_bpf.h
@@ -0,0 +1,43 @@
+
+/*
@@ -622,10 +890,10 @@ diff -r 67408b4a12c0 src/core/ngx_bpf.h
+int ngx_bpf_map_lookup(int fd, const void *key, void *value);
+
+#endif /* _NGX_BPF_H_INCLUDED_ */
-diff -r 67408b4a12c0 src/core/ngx_connection.c
---- a/src/core/ngx_connection.c Tue Dec 28 18:28:38 2021 +0300
-+++ b/src/core/ngx_connection.c Tue Jan 04 18:14:15 2022 -0500
-@@ -1037,6 +1037,12 @@
+diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c
+--- a/src/core/ngx_connection.c
++++ b/src/core/ngx_connection.c
+@@ -1037,6 +1037,12 @@ ngx_close_listening_sockets(ngx_cycle_t
ls = cycle->listening.elts;
for (i = 0; i < cycle->listening.nelts; i++) {
@@ -638,10 +906,10 @@ diff -r 67408b4a12c0 src/core/ngx_connection.c
c = ls[i].connection;
if (c) {
-diff -r 67408b4a12c0 src/core/ngx_connection.h
---- a/src/core/ngx_connection.h Tue Dec 28 18:28:38 2021 +0300
-+++ b/src/core/ngx_connection.h Tue Jan 04 18:14:15 2022 -0500
-@@ -73,6 +73,7 @@
+diff --git a/src/core/ngx_connection.h b/src/core/ngx_connection.h
+--- a/src/core/ngx_connection.h
++++ b/src/core/ngx_connection.h
+@@ -73,6 +73,7 @@ struct ngx_listening_s {
unsigned reuseport:1;
unsigned add_reuseport:1;
unsigned keepalive:2;
@@ -649,7 +917,7 @@ diff -r 67408b4a12c0 src/core/ngx_connection.h
unsigned deferred_accept:1;
unsigned delete_deferred:1;
-@@ -147,6 +148,10 @@
+@@ -147,6 +148,10 @@ struct ngx_connection_s {
ngx_proxy_protocol_t *proxy_protocol;
@@ -660,10 +928,10 @@ diff -r 67408b4a12c0 src/core/ngx_connection.h
#if (NGX_SSL || NGX_COMPAT)
ngx_ssl_connection_t *ssl;
#endif
-diff -r 67408b4a12c0 src/core/ngx_core.h
---- a/src/core/ngx_core.h Tue Dec 28 18:28:38 2021 +0300
-+++ b/src/core/ngx_core.h Tue Jan 04 18:14:15 2022 -0500
-@@ -27,6 +27,7 @@
+diff --git a/src/core/ngx_core.h b/src/core/ngx_core.h
+--- a/src/core/ngx_core.h
++++ b/src/core/ngx_core.h
+@@ -27,6 +27,7 @@ typedef struct ngx_connection_s ngx
typedef struct ngx_thread_task_s ngx_thread_task_t;
typedef struct ngx_ssl_s ngx_ssl_t;
typedef struct ngx_proxy_protocol_s ngx_proxy_protocol_t;
@@ -671,7 +939,7 @@ diff -r 67408b4a12c0 src/core/ngx_core.h
typedef struct ngx_ssl_connection_s ngx_ssl_connection_t;
typedef struct ngx_udp_connection_s ngx_udp_connection_t;
-@@ -82,6 +83,9 @@
+@@ -82,6 +83,9 @@ typedef void (*ngx_connection_handler_pt
#include <ngx_resolver.h>
#if (NGX_OPENSSL)
#include <ngx_event_openssl.h>
@@ -681,7 +949,7 @@ diff -r 67408b4a12c0 src/core/ngx_core.h
#endif
#include <ngx_process_cycle.h>
#include <ngx_conf_file.h>
-@@ -91,6 +95,9 @@
+@@ -91,6 +95,9 @@ typedef void (*ngx_connection_handler_pt
#include <ngx_connection.h>
#include <ngx_syslog.h>
#include <ngx_proxy_protocol.h>
@@ -691,10 +959,10 @@ diff -r 67408b4a12c0 src/core/ngx_core.h
#define LF (u_char) '\n'
-diff -r 67408b4a12c0 src/event/ngx_event.c
---- a/src/event/ngx_event.c Tue Dec 28 18:28:38 2021 +0300
-+++ b/src/event/ngx_event.c Tue Jan 04 18:14:15 2022 -0500
-@@ -266,6 +266,18 @@
+diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c
+--- a/src/event/ngx_event.c
++++ b/src/event/ngx_event.c
+@@ -266,6 +266,18 @@ ngx_process_events_and_timers(ngx_cycle_
ngx_int_t
ngx_handle_read_event(ngx_event_t *rev, ngx_uint_t flags)
{
@@ -713,7 +981,7 @@ diff -r 67408b4a12c0 src/event/ngx_event.c
if (ngx_event_flags & NGX_USE_CLEAR_EVENT) {
/* kqueue, epoll */
-@@ -336,9 +348,15 @@
+@@ -336,9 +348,15 @@ ngx_handle_write_event(ngx_event_t *wev,
{
ngx_connection_t *c;
@@ -731,23 +999,10 @@ diff -r 67408b4a12c0 src/event/ngx_event.c
if (ngx_send_lowat(c, lowat) == NGX_ERROR) {
return NGX_ERROR;
}
-@@ -917,6 +935,12 @@
- {
- int sndlowat;
-
-+#if (NGX_QUIC)
-+ if (c->quic) {
-+ return NGX_OK;
-+ }
-+#endif
-+
- #if (NGX_HAVE_LOWAT_EVENT)
-
- if (ngx_event_flags & NGX_USE_KQUEUE_EVENT) {
-diff -r 67408b4a12c0 src/event/ngx_event.h
---- a/src/event/ngx_event.h Tue Dec 28 18:28:38 2021 +0300
-+++ b/src/event/ngx_event.h Tue Jan 04 18:14:15 2022 -0500
-@@ -493,12 +493,6 @@
+diff --git a/src/event/ngx_event.h b/src/event/ngx_event.h
+--- a/src/event/ngx_event.h
++++ b/src/event/ngx_event.h
+@@ -493,12 +493,6 @@ extern ngx_module_t ngx_event_
void ngx_event_accept(ngx_event_t *ev);
@@ -760,7 +1015,7 @@ diff -r 67408b4a12c0 src/event/ngx_event.h
ngx_int_t ngx_trylock_accept_mutex(ngx_cycle_t *cycle);
ngx_int_t ngx_enable_accept_events(ngx_cycle_t *cycle);
u_char *ngx_accept_log_error(ngx_log_t *log, u_char *buf, size_t len);
-@@ -528,6 +522,7 @@
+@@ -528,6 +522,7 @@ ngx_int_t ngx_send_lowat(ngx_connection_
#include <ngx_event_timer.h>
#include <ngx_event_posted.h>
@@ -768,10 +1023,10 @@ diff -r 67408b4a12c0 src/event/ngx_event.h
#if (NGX_WIN32)
#include <ngx_iocp_module.h>
-diff -r 67408b4a12c0 src/event/ngx_event_openssl.c
---- a/src/event/ngx_event_openssl.c Tue Dec 28 18:28:38 2021 +0300
-+++ b/src/event/ngx_event_openssl.c Tue Jan 04 18:14:15 2022 -0500
-@@ -3146,6 +3146,13 @@
+diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
+--- a/src/event/ngx_event_openssl.c
++++ b/src/event/ngx_event_openssl.c
+@@ -3146,6 +3146,13 @@ ngx_ssl_shutdown(ngx_connection_t *c)
ngx_err_t err;
ngx_uint_t tries;
@@ -785,9 +1040,9 @@ diff -r 67408b4a12c0 src/event/ngx_event_openssl.c
rc = NGX_OK;
ngx_ssl_ocsp_cleanup(c);
-diff -r 67408b4a12c0 src/event/ngx_event_openssl.h
---- a/src/event/ngx_event_openssl.h Tue Dec 28 18:28:38 2021 +0300
-+++ b/src/event/ngx_event_openssl.h Tue Jan 04 18:14:15 2022 -0500
+diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
+--- a/src/event/ngx_event_openssl.h
++++ b/src/event/ngx_event_openssl.h
@@ -24,6 +24,14 @@
#include <openssl/engine.h>
#endif
@@ -803,9 +1058,9 @@ diff -r 67408b4a12c0 src/event/ngx_event_openssl.h
#include <openssl/hmac.h>
#ifndef OPENSSL_NO_OCSP
#include <openssl/ocsp.h>
-diff -r 67408b4a12c0 src/event/ngx_event_udp.c
---- a/src/event/ngx_event_udp.c Tue Dec 28 18:28:38 2021 +0300
-+++ b/src/event/ngx_event_udp.c Tue Jan 04 18:14:15 2022 -0500
+diff --git a/src/event/ngx_event_udp.c b/src/event/ngx_event_udp.c
+--- a/src/event/ngx_event_udp.c
++++ b/src/event/ngx_event_udp.c
@@ -12,52 +12,37 @@
#if !(NGX_WIN32)
@@ -868,7 +1123,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
#endif
if (ev->timedout) {
-@@ -92,25 +77,13 @@
+@@ -92,25 +77,13 @@ ngx_event_recvmsg(ngx_event_t *ev)
msg.msg_iov = iov;
msg.msg_iovlen = 1;
@@ -899,7 +1154,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
#endif
n = recvmsg(lc->fd, &msg, 0);
-@@ -129,7 +102,7 @@
+@@ -129,7 +102,7 @@ ngx_event_recvmsg(ngx_event_t *ev)
return;
}
@@ -908,7 +1163,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
if (msg.msg_flags & (MSG_TRUNC|MSG_CTRUNC)) {
ngx_log_error(NGX_LOG_ALERT, ev->log, 0,
"recvmsg() truncated data");
-@@ -137,21 +110,21 @@
+@@ -137,21 +110,21 @@ ngx_event_recvmsg(ngx_event_t *ev)
}
#endif
@@ -936,7 +1191,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
ngx_memzero(&sa, sizeof(struct sockaddr));
sa.sockaddr.sa_family = ls->sockaddr->sa_family;
}
-@@ -159,7 +132,7 @@
+@@ -159,7 +132,7 @@ ngx_event_recvmsg(ngx_event_t *ev)
local_sockaddr = ls->sockaddr;
local_socklen = ls->socklen;
@@ -945,7 +1200,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
if (ls->wildcard) {
struct cmsghdr *cmsg;
-@@ -171,66 +144,43 @@
+@@ -171,66 +144,43 @@ ngx_event_recvmsg(ngx_event_t *ev)
cmsg != NULL;
cmsg = CMSG_NXTHDR(&msg, cmsg))
{
@@ -1042,7 +1297,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
if (c) {
-@@ -252,10 +202,14 @@
+@@ -252,10 +202,14 @@ ngx_event_recvmsg(ngx_event_t *ev)
buf.pos = buffer;
buf.last = buffer + n;
@@ -1058,7 +1313,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
rev->ready = 1;
rev->active = 0;
-@@ -263,7 +217,7 @@
+@@ -263,7 +217,7 @@ ngx_event_recvmsg(ngx_event_t *ev)
rev->handler(rev);
if (c->udp) {
@@ -1067,7 +1322,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
}
rev->ready = 0;
-@@ -286,7 +240,7 @@
+@@ -286,7 +240,7 @@ ngx_event_recvmsg(ngx_event_t *ev)
c->shared = 1;
c->type = SOCK_DGRAM;
@@ -1076,7 +1331,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
#if (NGX_STAT_STUB)
(void) ngx_atomic_fetch_add(ngx_stat_active, 1);
-@@ -298,13 +252,21 @@
+@@ -298,13 +252,21 @@ ngx_event_recvmsg(ngx_event_t *ev)
return;
}
@@ -1100,7 +1355,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
log = ngx_palloc(c->pool, sizeof(ngx_log_t));
if (log == NULL) {
-@@ -405,7 +367,7 @@
+@@ -405,7 +367,7 @@ ngx_event_recvmsg(ngx_event_t *ev)
}
#endif
@@ -1109,7 +1364,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
ngx_close_accepted_udp_connection(c);
return;
}
-@@ -448,17 +410,17 @@
+@@ -448,17 +410,17 @@ ngx_udp_shared_recv(ngx_connection_t *c,
ssize_t n;
ngx_buf_t *b;
@@ -1130,7 +1385,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
c->read->ready = 0;
c->read->active = 1;
-@@ -494,8 +456,8 @@
+@@ -494,8 +456,8 @@ ngx_udp_rbtree_insert_value(ngx_rbtree_n
udpt = (ngx_udp_connection_t *) temp;
ct = udpt->connection;
@@ -1141,7 +1396,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
if (rc == 0 && c->listening->wildcard) {
rc = ngx_cmp_sockaddr(c->local_sockaddr, c->local_socklen,
-@@ -521,12 +483,18 @@
+@@ -521,12 +483,18 @@ ngx_udp_rbtree_insert_value(ngx_rbtree_n
static ngx_int_t
@@ -1162,7 +1417,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
if (c->udp) {
return NGX_OK;
}
-@@ -536,19 +504,6 @@
+@@ -536,19 +504,6 @@ ngx_insert_udp_connection(ngx_connection
return NGX_ERROR;
}
@@ -1182,7 +1437,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
cln = ngx_pool_cleanup_add(c->pool, 0);
if (cln == NULL) {
return NGX_ERROR;
-@@ -557,7 +512,10 @@
+@@ -557,7 +512,10 @@ ngx_insert_udp_connection(ngx_connection
cln->data = c;
cln->handler = ngx_delete_udp_connection;
@@ -1194,7 +1449,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
c->udp = udp;
-@@ -566,6 +524,30 @@
+@@ -566,6 +524,30 @@ ngx_insert_udp_connection(ngx_connection
void
@@ -1225,7 +1480,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
ngx_delete_udp_connection(void *data)
{
ngx_connection_t *c = data;
-@@ -581,8 +563,8 @@
+@@ -581,8 +563,8 @@ ngx_delete_udp_connection(void *data)
static ngx_connection_t *
@@ -1236,7 +1491,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
{
uint32_t hash;
ngx_int_t rc;
-@@ -590,27 +572,15 @@
+@@ -590,27 +572,15 @@ ngx_lookup_udp_connection(ngx_listening_
ngx_rbtree_node_t *node, *sentinel;
ngx_udp_connection_t *udp;
@@ -1267,7 +1522,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
if (ls->wildcard) {
ngx_crc32_update(&hash, (u_char *) local_sockaddr, local_socklen);
-@@ -636,8 +606,7 @@
+@@ -636,8 +606,7 @@ ngx_lookup_udp_connection(ngx_listening_
c = udp->connection;
@@ -1277,7 +1532,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
if (rc == 0 && ls->wildcard) {
rc = ngx_cmp_sockaddr(local_sockaddr, local_socklen,
-@@ -645,6 +614,13 @@
+@@ -645,6 +614,13 @@ ngx_lookup_udp_connection(ngx_listening_
}
if (rc == 0) {
@@ -1291,9 +1546,10 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c
return c;
}
-diff -r 67408b4a12c0 src/event/ngx_event_udp.h
---- /dev/null Thu Jan 01 00:00:00 1970 +0000
-+++ b/src/event/ngx_event_udp.h Tue Jan 04 18:14:15 2022 -0500
+diff --git a/src/event/ngx_event_udp.h b/src/event/ngx_event_udp.h
+new file mode 100644
+--- /dev/null
++++ b/src/event/ngx_event_udp.h
@@ -0,0 +1,76 @@
+
+/*
@@ -1371,9 +1627,10 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.h
+
+
+#endif /* _NGX_EVENT_UDP_H_INCLUDED_ */
-diff -r 67408b4a12c0 src/event/quic/bpf/bpfgen.sh
---- /dev/null Thu Jan 01 00:00:00 1970 +0000
-+++ b/src/event/quic/bpf/bpfgen.sh Tue Jan 04 18:14:15 2022 -0500
+diff --git a/src/event/quic/bpf/bpfgen.sh b/src/event/quic/bpf/bpfgen.sh
+new file mode 100644
+--- /dev/null
++++ b/src/event/quic/bpf/bpfgen.sh
@@ -0,0 +1,113 @@
+#!/bin/bash
+
@@ -1488,9 +1745,10 @@ diff -r 67408b4a12c0 src/event/quic/bpf/bpfgen.sh
+process_section
+generate_tail
+
-diff -r 67408b4a12c0 src/event/quic/bpf/makefile
---- /dev/null Thu Jan 01 00:00:00 1970 +0000
-+++ b/src/event/quic/bpf/makefile Tue Jan 04 18:14:15 2022 -0500
+diff --git a/src/event/quic/bpf/makefile b/src/event/quic/bpf/makefile
+new file mode 100644
+--- /dev/null
++++ b/src/event/quic/bpf/makefile
*** 1412 LINES SKIPPED ***